From: Dan Carpenter <dan.carpenter@oracle.com>
To: Kangjie Lu <kjlu@umn.edu>
Cc: devel@driverdev.osuosl.org, Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, pakki001@umn.edu,
Colin Ian King <colin.king@canonical.com>,
Aymen Qader <qader.aymen@gmail.com>
Subject: Re: [PATCH] rts5208: fix a missing check of the status of sd_init_power
Date: Wed, 2 Jan 2019 13:28:14 +0300 [thread overview]
Message-ID: <20190102102814.GF3781@kadam> (raw)
In-Reply-To: <20181225083334.68473-1-kjlu@umn.edu>
On Tue, Dec 25, 2018 at 02:33:32AM -0600, Kangjie Lu wrote:
> sd_init_power() could fail. The fix inserts a check of its status. If it
> fails, returns STATUS_FAIL.
>
> Signed-off-by: Kangjie Lu <kjlu@umn.edu>
> ---
> drivers/staging/rts5208/sd.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/staging/rts5208/sd.c b/drivers/staging/rts5208/sd.c
> index ff1a9aa152ce..8c3fd885a4f3 100644
> --- a/drivers/staging/rts5208/sd.c
> +++ b/drivers/staging/rts5208/sd.c
> @@ -2352,7 +2352,9 @@ static int reset_sd(struct rtsx_chip *chip)
> break;
> }
>
> - sd_init_power(chip);
> + retval = sd_init_power(chip);
> + if (retval != STATUS_SUCCESS)
> + goto status_fail;
Are you able to test this?
I don't think you appreciate the risk of applying this patch. We are
taking code which succeeds and making it fail. That's a risky thing.
The benefit is just that it makes a static analysis tool happy?
It would be different if the benefit were that it improves security or
prevents a crash. Or if you could test it.
This is the reset_sd() function. It always feels a bit hacky to me to
even have a reset function. It basically means you know you have messed
up but you don't know where or how so let's just try scrub everything
and go back to the start. Maybe the driver is trying to work around a
firmware bug. I often find bugs in reset functions which show they have
not been tested... It's so tricky for me to do a cost benefit analysis
here, but I sort of think we should leave the code as-is.
It's frustrating because the static analysis tool is probably right, but
maybe the code only works because two bugs cancel each other out? We
can't know without testing.
In a more ideal world we would do the static analysis on patches before
they are applied and refuse to apply them until the maintainer explains
why the function is not checked.
regards,
dan carpenter
prev parent reply other threads:[~2019-01-02 10:28 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-25 8:33 [PATCH] rts5208: fix a missing check of the status of sd_init_power Kangjie Lu
2019-01-02 10:28 ` Dan Carpenter [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190102102814.GF3781@kadam \
--to=dan.carpenter@oracle.com \
--cc=arnd@arndb.de \
--cc=colin.king@canonical.com \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@linuxfoundation.org \
--cc=kjlu@umn.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=pakki001@umn.edu \
--cc=qader.aymen@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox